Netinfo Security (信息网络安全), 2016, Vol. 16, Issue 2: 7-8. doi: 10.3969/j.issn.1671-1122.2016.02.002


Research on Protection Scheme for Malicious USB Storage Devices in APT
(Chinese title: 针对APT攻击中恶意USB存储设备的防护方案研究)

Cheng TAN1, Ruyi DENG1, Lina WANG1 (corresponding author), Jing MA2

  1. School of Computer, Wuhan University, Wuhan Hubei 430072, China
  2. Key Laboratory of Information Security Technology, Beijing 100072, China
  • Received: 2015-09-07 Online: 2016-02-10 Published: 2020-05-13
  • Author biographies:

    Cheng TAN (b. 1989), male, from Hubei, Ph.D. candidate; main research interest: network security. Ruyi DENG (b. 1991), male, from Chongqing, master's degree; main research interest: host security. Lina WANG (b. 1964), female, from Liaoning, professor, Ph.D.; main research interests: trusted computing, data disaster recovery and backup, network survivability, information hiding. Jing MA (b. 1985), female, from Beijing, engineer, bachelor's degree; main research interests: cryptographic theory and applications, network security.

  • Funding:
    National High Technology Research and Development Program of China (863 Program) [2015AA016004]; National Natural Science Foundation of China [61303213, 61373169]; Open Fund of the Key Laboratory of Information Security Technology [KJ-14-110, KJ-14-101]


Abstract:

This paper designs a protection scheme for malicious USB storage devices used in APT attacks. The scheme builds a whitelist of USB storage devices and allows only whitelisted devices to interact with the computer system, so that a customized malicious USB storage device used in an APT cannot gain unauthorized access to the host. It binds USB storage devices to staff at every level of the organization and write-protects a specific device on a specific host, which effectively prevents APT attackers from using social engineering to induce insiders to access system data beyond their authorization. It also monitors the behavior of processes that write data to USB storage devices, preventing hidden malware from covertly stealing data from the system. The scheme thus guards against data theft and leakage and is practical to deploy. The paper reports functional tests of the scheme; the results show that it is feasible.

Key words: advanced persistent threat, USB storage device, white list, Windows filter driver, data leakage prevention
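The three controls the abstract describes (a device whitelist, per-host write protection of devices bound to staff, and control over which processes may write to USB storage) can be modelled as one ordered policy check with an audit record. The Python below is an added example written for this page, not code from the paper or its authors: the paper enforces these controls in a Windows filter driver, while this model only shows the decision logic and the audit line an enforcement point would emit. All device identifiers, host names, user names and process names are constructed placeholders, and keying a write-protection rule on a (host, device) pair is my assumption about how the binding is expressed.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List, Optional, Set, Tuple


class Decision(Enum):
    """Outcome of a policy check, listed in the order the controls are applied."""
    DENY_DEVICE = "device not in whitelist: all access blocked"
    READ_ONLY = "device is write-protected on this host"
    DENY_WRITE = "writing process is not an approved writer"
    ALLOW = "access allowed"


@dataclass(frozen=True)
class UsbDevice:
    """Identity of a USB mass-storage device as a filter driver would see it:
    vendor ID, product ID and the device serial number (constructed values)."""
    vid: str
    pid: str
    serial: str

    def key(self) -> str:
        # Normalise case so the same device always maps to the same whitelist key.
        return f"{self.vid}:{self.pid}:{self.serial}".upper()


@dataclass
class UsbPolicy:
    # Control 1: whitelist of device keys, each bound to the staff member who owns it.
    whitelist: Dict[str, str]
    # Control 2: (host, device key) pairs on which that device is read-only
    # (assumed representation of the per-host write protection).
    write_protect: Set[Tuple[str, str]]
    # Control 3: process image names that are allowed to write to USB storage.
    trusted_writers: Set[str]
    audit: List[str] = field(default_factory=list)

    def check(self, device: UsbDevice, host: str, user: str,
              operation: str, process: Optional[str] = None) -> Decision:
        """Evaluate one access request and append an audit line for it."""
        key = device.key()
        owner = self.whitelist.get(key)
        if owner is None:
            # Unknown device: block before any read or write is possible.
            decision = Decision.DENY_DEVICE
        elif operation == "write" and (host, key) in self.write_protect:
            # Known device, but writes to it are disabled on this host.
            decision = Decision.READ_ONLY
        elif operation == "write" and process not in self.trusted_writers:
            # Writes only from approved processes; hidden malware is refused.
            decision = Decision.DENY_WRITE
        else:
            decision = Decision.ALLOW
        self.audit.append(
            f"host={host} user={user} owner={owner or '-'} device={key} "
            f"op={operation} process={process or '-'} -> {decision.name}")
        return decision


def build_demo_policy() -> UsbPolicy:
    """Constructed sample policy; every identifier here is a placeholder."""
    alice_usb = "0781:5567:4C530001234567890001"
    return UsbPolicy(
        whitelist={alice_usb: "alice", "0951:1666:E0D55E6C9F3C0001": "bob"},
        write_protect={("FINANCE-PC-01", alice_usb)},
        trusted_writers={"explorer.exe", "backup-agent.exe"},
    )


if __name__ == "__main__":
    policy = build_demo_policy()
    usb = UsbDevice("0781", "5567", "4C530001234567890001")
    policy.check(UsbDevice("1234", "abcd", "UNKNOWN"), "HR-PC-02", "eve", "read")
    policy.check(usb, "FINANCE-PC-01", "alice", "write", "explorer.exe")
    policy.check(usb, "HR-PC-02", "alice", "write", "dropper.exe")
    policy.check(usb, "HR-PC-02", "alice", "write", "explorer.exe")
    print("\n".join(policy.audit))
```

The ordering matters: the whitelist check runs first so an unknown device never reaches the host at all, write protection is decided per (host, device) before the writing process is even considered, and the audit line records the bound owner next to the logged-in user so that a device used by someone other than its owner is visible in the log.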

CLC number: